
BSOD when running scan


Deborahhh


Ron:

I have moved my post to this area as requested and started a new topic.

If you'd like me to assist you further with this myself then please say so in your new topic.

Yes, please! I've copied your last post below from: https://forums.malwarebytes.org/index.php?/topic/157397-bsod-mbamswissarmysys-file/
Thank you

Deb

 

The logs indicate that the computer is either currently infected or is suffering damage that was more than likely done by a previous infection.

 

 

Application errors:
==================
Error: (09/22/2014 03:55:28 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (09/22/2014 03:30:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x01460fef.
Processing media-specific event for [explorer.exe!ws!]

 

 

As we cannot work on malware removal or clean up in this sub-section of the forum I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.
 

If you'd like me to assist you further with this myself then please say so in your new topic.

 

Thank you

Ron Lewis


  • Root Admin

Let's start by doing a Disk Check.
 
Please run a Full Disk Check on your system drive. 
 
On Windows 8 the disk check log is in the Event Logs under Application with a heading source of  Chkdsk

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8
 
Please open an Elevated Command Prompt
How to Open an Elevated Command Prompt in Windows 8

In the DOS Console type the following exactly and then press the Enter key.

CHKDSK  C:  /R

The program will respond with something like this:
 

Chkdsk cannot run because the volume is in use by another
process.  Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)


Go ahead and press the Y key and then the Enter key and restart the computer.
It should take at least 10 minutes to run the disk check but could take hours to complete depending on how much data you have.

Once the disk check has completed then using the information above please copy/paste the results of the disk check from the Event Logs on your next reply or attach as a text file if needed using the "More Reply Options" button.


  • Root Admin

Yes, basically the same thing.

Click on START - RUN and type in CMD.EXE and click OK

Then type the same thing.

CHKDSK C: /R

Restart the computer and let it run. Then from the Event Logs you can find and post back what it did.

 

On Windows XP the disk check log is in the Event Logs under Application with a heading source of  Winlogon

 

How to view and manage event logs in Event Viewer in Windows XP


Below is the log from Event Viewer after running chkdsk

 

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         
Cleaning up instance tags for file 0x1108d.
Cleaning up minor inconsistencies on the drive.
Cleaning up 5285 unused index entries from index $SII of file 0x9.
Cleaning up 5285 unused index entries from index $SDH of file 0x9.
Cleaning up 5285 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
Windows has made corrections to the file system.

 195350368 KB total disk space.
  82163140 KB in 139099 files.
     99244 KB in 11928 indexes.
         0 KB in bad sectors.
    284704 KB in use by the system.
     65536 KB occupied by the log file.
 112803280 KB available on disk.

      4096 bytes in each allocation unit.
  48837592 total allocation units on disk.
  28200820 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at

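To read a pasted chkdsk report like the one in the post above, the following added example (not part of the original thread, and not a Microsoft or Malwarebytes tool) parses the report text and separates physical bad-sector findings from file-system metadata repairs. The sample text is constructed from the report format shown in the post, and the function names are assumptions of this example.

```python
import re

# Constructed sample: an abridged report in the format shown in the post above.
SAMPLE_LOG = """\
Checking file system on C:
The type of the file system is NTFS.
Cleaning up minor inconsistencies on the drive.
Cleaning up 5285 unused index entries from index $SII of file 0x9.
Cleaning up 5285 unused index entries from index $SDH of file 0x9.
Cleaning up 5285 unused security descriptors.
Windows has made corrections to the file system.

 195350368 KB total disk space.
  82163140 KB in 139099 files.
         0 KB in bad sectors.
 112803280 KB available on disk.
"""

# Size summary lines, e.g. "         0 KB in bad sectors."
KB_LINE = re.compile(
    r"^\s*(\d+) KB (total disk space|in bad sectors|available on disk)\.", re.M
)
# Counted cleanup lines, e.g. "Cleaning up 5285 unused index entries from index $SII of file 0x9."
CLEANUP = re.compile(
    r"^Cleaning up (\d+) (unused [a-z ]+?)(?: from index (\$\w+))?(?: of file \S+)?\.$",
    re.M,
)


def parse_chkdsk(text):
    """Turn a pasted chkdsk report into a dict; missing fields become None."""
    text = text.replace("\r\n", "\n")  # Event Viewer copies often use CRLF
    sizes = {label: int(kb) for kb, label in KB_LINE.findall(text)}
    volume = re.search(r"Checking file system on (\S+)", text)
    fs = re.search(r"The type of the file system is (\w+)\.", text)
    return {
        "volume": volume.group(1) if volume else None,
        "filesystem": fs.group(1) if fs else None,
        "total_kb": sizes.get("total disk space"),
        "bad_sector_kb": sizes.get("in bad sectors"),
        "available_kb": sizes.get("available on disk"),
        "corrections_made": "made corrections to the file system" in text,
        "cleanups": [
            (int(n), what, index or None) for n, what, index in CLEANUP.findall(text)
        ],
    }


def triage(report):
    """Summarise what the report says about disk surface and metadata state."""
    findings = []
    bad = report["bad_sector_kb"]
    if bad is None:
        # A truncated paste: the summary block never made it into the reply.
        findings.append("incomplete log: no bad-sector line found")
    elif bad > 0:
        findings.append("bad sectors reported: %d KB" % bad)
    else:
        findings.append("no bad sectors reported")
    if report["corrections_made"]:
        entries = sum(n for n, _, _ in report["cleanups"])
        findings.append(
            "file-system metadata repaired (%d cleanup actions, %d entries)"
            % (len(report["cleanups"]), entries)
        )
    return findings


if __name__ == "__main__":
    for line in triage(parse_chkdsk(SAMPLE_LOG)):
        print(line)
```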

  • Root Admin

Great, thank you. Okay now please run FRST again and make sure you place a check mark in the Additions.txt check box and post back both new logs.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.


 


  • Root Admin

Please follow the directions exactly as shown. If you have any questions please let me know.
 
If needed please print out these directions and do not go online or check email until you get antivirus running again.

 

STEP 1
Please download Malwarebytes Anti-Rootkit from HERE and save it to your computer, then quit your browser.

STEP 2

  • Unzip the contents to a folder in a convenient location but remember where you put it.

STEP 3
Download the AVG installer so that you can reinstall AVG antivirus. Make sure you have your license information if using a paid version.


STEP 4
Once you have the installer then go ahead and uninstall AVG temporarily.

Also uninstall the AVG Secure Search and restart the computer but do not go online with any mail or browsers.

STEP 5

  • Open the folder where the MBAR contents were unzipped and you should see an MBAR folder and under that folder you should see a folder called PLUGINS and inside that folder a file called fixdamage.exe
  • Double Click on the fixdamage.exe file and then restart the computer once completed

STEP 6
Now run the following...

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 7
Run the FRST program again now and make sure you place a check mark in the Additions.txt check box and post back both new logs on your next reply.

STEP 8
Go ahead now and reinstall your AVG antivirus and check for updates and do a System Scan and let me know if it finds anything or not.


Hi Ron

As requested,  MBAM application log, FRST and Additions logs copied below.

AVG scan is clean.

thanks

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/25/2014
Scan Time: 6:58:57 PM
Logfile: MBAM Application log 9.25.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.25.10
Rootkit Database: v2014.09.19.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Deborah

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341596
Time Elapsed: 52 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014
Ran by Deborah (administrator) on HOME-54822832EF on 25-09-2014 21:34:57
Running from C:\Documents and Settings\Deborah\Desktop
Loaded Profile: Deborah (Available profiles: Deborah & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
() C:\Documents and Settings\All Users\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Maxtor Corporation) C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe
(Maxtor Corp.) C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft® Corporation) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
() C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
( ) C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2mainh.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2host.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2audioh.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2printh.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PeachtreePrefetcher.exe] => C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe [320816 2013-11-07] (Sage Software, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [MaxtorOneTouch] => C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe [712704 2006-03-27] (Maxtor Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [mxomssmenu] => C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [81920 2005-10-17] (Maxtor Corp.)
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\RECYCLER\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\avg8upg\avgmfapx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\avg8upg\avgntdumpx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\avg8upg\avgrdtestx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\avg8upg\avgrdtestx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\avg8upg\avgremoverx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\avg8upg\avg8upgx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\avg8upg\avgmfapx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\googletoolbar\googletoolbar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\avg8upg\avgrunasx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\avg8upg\avgrunasx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\avg8upg\avgrdtestx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\googletoolbar\googletoolbar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\avg8upg\avgntdumpx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\avg8upg\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\avg8upg\avgmfapx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\avg8upg\avgntdumpx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\avg8upg\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\avg8upg\avgntdumpx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\googletoolbar\googletoolbar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\avg8upg\avgrunasx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\avg8upg\avgmfapx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\avg8upg\avgrunasx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\avg8upg\avgremoverx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\avg8upg\avg8upgx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\avg8upg\avgremoverx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\googletoolbar\googletoolbar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Application Data\avg8upg\avg8upgx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\avg8upg\avg8upgx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\avg8upg\avgremoverx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Application Data\avg8upg\avgrdtestx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Local Settings\Application Data\avg8upg\setup.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\Local Settings\Application Data\avg8upg\setup.exe <====== ATTENTION
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKU\S-1-5-21-515967899-1214440339-1606980848-1003\...\Run: [AVG-Secure-Search-Update_0414b] => C:\Documents and Settings\Deborah\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe [2707480 2014-04-09] ()
HKU\S-1-5-21-515967899-1214440339-1606980848-1003\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Deborah\Start Menu\Programs\Startup\wkcalrem.LNK
ShortcutTarget: wkcalrem.LNK -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default
FF Homepage: hxxp://www.smbiz.com/|about:newtab
FF NetworkProxy: "type", 4
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @rim.com/npappworld -> C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\atgpcdec.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\atgpcext.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ieatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll (Check Point Software Technologies Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ptexmeet.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\ieatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Deborah\Application Data\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\searchplugins\wolframalpha.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: HTTPS-Everywhere - C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\Extensions\https-everywhere@eff.org [2014-09-12]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-08-12]
FF Extension: Delicious Bookmarks - C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\Extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [2012-10-22]
FF Extension: WOT - C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-29]
FF Extension: Personas Plus - C:\Documents and Settings\Deborah\Application Data\Mozilla\Firefox\Profiles\6ljv1ced.default\Extensions\personas@christopher.beard.xpi [2013-03-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-25]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-11-19]

Chrome:
=======
CHR HomePage: Default -> hxxp://mail.google.com/mail/?um=1&hl=en&shva=1#inbox
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.43\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (ZoneAlarm Spy Blocker Plugin Stub) - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll (Check Point Software Technologies Ltd.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Google Update) - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Java Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (BlackBerry AppWorld) - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-01-17]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-11-19]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-12-18] (Seagate Technology LLC)
R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1335640 2014-01-30] (Citrix Online, a division of Citrix Systems, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [184320 2006-02-15] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [106496 2006-02-07] ( ) [File not signed]
R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [436040 2013-01-08] (Pervasive Software Inc.)
S3 Sage 50 SmartPosting 2014; C:\Program Files\Sage Software\Peachtree\SmartPostingService2014.exe [335664 2013-11-07] (Sage Software, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 IntelS51; C:\WINDOWS\System32\DRIVERS\IntelS51.sys [1903338 2004-12-10] (Intel Corporation)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-25] (Malwarebytes Corporation)
R2 monblanking; C:\WINDOWS\System32\DRIVERS\monblanking.sys [29280 2014-01-30] (Citrix Systems, Inc.)
S3 MXOPSWD; C:\WINDOWS\System32\DRIVERS\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)
R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [356096 2005-10-27] (Ralink Technology Inc.)
R3 SMBios; C:\WINDOWS\System32\DRIVERS\SMBios.sys [36484 2004-06-06] (Intel Corporation) [File not signed]
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [5248 2006-09-24] (Windows ® 2000 DDK provider) [File not signed]
S3 WDC_SAM; system32\DRIVERS\wdcsam.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 21:34 - 2014-09-25 21:36 - 00036204 _____ () C:\Documents and Settings\Deborah\Desktop\FRST.txt
2014-09-25 21:34 - 2014-09-25 21:34 - 00000000 ____D () C:\Documents and Settings\Deborah\Desktop\FRST-OlderVersion
2014-09-25 10:12 - 2014-09-25 21:33 - 00000000 ____D () C:\Documents and Settings\Deborah\Desktop\Sept 25 mb help
2014-09-24 19:23 - 2014-09-24 19:22 - 00090112 _____ () C:\WINDOWS\Minidump\Mini092414-01.dmp
2014-09-24 12:07 - 2014-09-24 12:07 - 00018142 _____ () C:\Documents and Settings\Deborah\Desktop\Frst.txt add.txt 9.24.zip
2014-09-24 12:05 - 2014-09-24 12:07 - 00000000 ____D () C:\Documents and Settings\Deborah\Desktop\Frst.txt add.txt 9.24.14
2014-09-22 16:40 - 2014-09-22 16:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-22 16:29 - 2014-09-22 16:29 - 00029289 _____ () C:\Documents and Settings\Deborah\Desktop\DiagnosticLogs9.22.zip
2014-09-22 16:28 - 2014-09-22 16:28 - 00000000 ____D () C:\Documents and Settings\Deborah\Desktop\DiagnosticLogs9.22.14
2014-09-22 16:09 - 2014-09-25 21:35 - 00000000 ____D () C:\FRST
2014-09-22 15:09 - 2014-09-25 18:53 - 00000000 ____D () C:\Documents and Settings\Deborah\Desktop\New Folder
2014-09-22 15:09 - 2014-09-22 15:09 - 01682416 _____ (Malwarebytes Corporation) C:\Documents and Settings\Deborah\Desktop\mbam-check-2.1.1.1001.exe
2014-09-22 11:56 - 2014-09-25 21:34 - 01100288 _____ (Farbar) C:\Documents and Settings\Deborah\Desktop\FRST.exe
2014-09-22 10:45 - 2014-09-22 10:44 - 00090112 _____ () C:\WINDOWS\Minidump\Mini092214-01.dmp
2014-09-19 18:26 - 2014-09-25 18:58 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 18:26 - 2014-09-19 18:26 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 18:26 - 2014-09-19 18:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-19 18:26 - 2014-09-19 18:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 18:26 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-19 18:26 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-19 11:24 - 2014-09-19 11:24 - 00000000 ___HD () C:\WINDOWS\PIF
2014-09-18 10:06 - 2014-09-18 10:06 - 00090112 _____ () C:\WINDOWS\Minidump\Mini091814-01.dmp
2014-09-17 17:07 - 2014-09-17 17:07 - 02363888 _____ () C:\Documents and Settings\Deborah\My Documents\Scan14-09-17 1615.tif
2014-09-16 18:29 - 2014-09-16 18:29 - 00134796 _____ () C:\Documents and Settings\Deborah\My Documents\INV 64 tkts.tif
2014-09-08 19:26 - 2014-09-08 19:26 - 00045056 _____ () C:\A&A  COGS analysis2012 vs 2013 dated 9.8.14.xls
2014-08-26 20:15 - 2014-09-25 18:55 - 00000596 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av.job
2014-08-26 20:15 - 2014-08-26 20:16 - 00000000 ____D () C:\Documents and Settings\Deborah\Application Data\Avg_Update_0814av
2014-08-26 20:15 - 2014-08-26 20:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av
2014-08-26 09:32 - 2014-09-25 18:56 - 00000290 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1214440339-1606980848-1003.job

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-25 21:36 - 2013-03-27 11:48 - 00000000 ____D () C:\Documents and Settings\Deborah\Local Settings\temp
2014-09-25 21:36 - 2009-02-20 13:27 - 01687829 _____ () C:\WINDOWS\pfirewall.log
2014-09-25 20:46 - 2009-07-01 10:33 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003UA.job
2014-09-25 20:44 - 2014-02-21 13:02 - 00000518 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-515967899-1214440339-1606980848-1003.job
2014-09-25 20:07 - 2013-03-27 11:48 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-09-25 19:20 - 2009-02-11 15:46 - 01574136 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-25 19:19 - 2009-08-26 10:38 - 00000330 ____H () C:\WINDOWS\Tasks\MP Scheduled Scan.job
2014-09-25 18:56 - 2014-01-17 19:58 - 00000282 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1214440339-1606980848-1003.job
2014-09-25 18:56 - 2008-04-14 08:00 - 00002422 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-25 18:55 - 2014-04-18 14:55 - 00000590 _____ () C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b.job
2014-09-25 18:55 - 2014-03-11 10:23 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-25 18:55 - 2009-02-11 10:40 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-09-25 18:55 - 2009-02-11 10:40 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-25 18:54 - 2009-02-11 15:52 - 00000178 ___SH () C:\Documents and Settings\Deborah\ntuser.ini
2014-09-25 18:54 - 2009-02-11 15:50 - 00032410 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-25 18:54 - 2009-02-11 15:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-25 18:50 - 2013-09-11 12:06 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-09-25 18:50 - 2009-02-11 17:16 - 00000000 ____D () C:\Program Files\AVG
2014-09-25 18:49 - 2013-12-11 13:46 - 00000716 _____ () C:\WINDOWS\pvsw.log
2014-09-25 18:45 - 2010-11-26 17:17 - 00422666 _____ () C:\WINDOWS\setupapi.log
2014-09-25 17:42 - 2009-03-18 17:20 - 00000000 ____D () C:\Documents and Settings\Deborah\Application Data\Canon
2014-09-25 14:58 - 2009-02-20 13:27 - 04194309 _____ () C:\WINDOWS\pfirewall.log.old
2014-09-25 14:46 - 2009-07-01 10:33 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003Core.job
2014-09-24 19:23 - 2010-03-17 15:58 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-24 16:07 - 2009-02-12 13:29 - 00051756 _____ () C:\Documents and Settings\Deborah\Application Data\wklnhst.dat
2014-09-23 12:03 - 2012-05-08 11:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-19 11:34 - 2009-09-22 16:39 - 00000000 ____D () C:\Program Files\SpeedFan
2014-09-18 16:29 - 2009-02-11 10:36 - 00192561 _____ () C:\WINDOWS\setupact.log
2014-09-17 12:31 - 2013-11-06 14:13 - 00000000 ____D () C:\Documents and Settings\Deborah\Tracing
2014-09-17 10:25 - 2009-02-11 17:29 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-15 18:39 - 2009-02-12 12:55 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-09-15 18:33 - 2013-03-23 12:38 - 00000000 ____D () C:\Documents and Settings\Deborah\My Documents\1234DESKTOP MAR 22 2013
2014-09-15 09:06 - 2009-10-16 16:35 - 00231568 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-09-11 17:54 - 2013-07-24 17:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-11 17:33 - 2009-02-11 17:04 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 16:52 - 2013-02-26 13:47 - 00000000 ____D () C:\Documents and Settings\Deborah\My Documents\2013 WorkPapers
2014-09-11 16:48 - 2014-04-14 16:50 - 00000000 ____D () C:\Documents and Settings\Deborah\My Documents\2014WorkPapers
2014-09-08 15:00 - 2014-03-11 10:23 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-05 08:50 - 2009-02-12 12:47 - 00000000 ____D () C:\Documents and Settings\Deborah\My Documents\NewHireInfo
2014-08-26 10:36 - 2011-12-08 14:59 - 00000000 ____D () C:\Documents and Settings\Deborah\My Documents\Bern.NewAdvisor

Some content of TEMP:
====================
C:\Documents and Settings\Deborah\Local Settings\temp\oi_{5838660A-53D9-4408-8A64-36152C86F421}.exe
C:\Documents and Settings\Deborah\Local Settings\temp\sfamcc00001.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-09-2014
Ran by Deborah at 2014-09-25 21:38:04
Running from C:\Documents and Settings\Deborah\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Belarc Advisor 7.2 (HKLM\...\Belarc Advisor) (Version:  - )
BlackBerry App World Browser Plugin (HKLM\...\{7C3911B4-3763-4037-B37E-8D7A305967B8}) (Version: 3.1.3.6 - Research In Motion Limited)
BlackBerry Desktop Software 5.0.1 (HKLM\...\BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}) (Version: 5.0.1.37 - Research In Motion Ltd.)
BlackBerry Desktop Software 5.0.1 (Version: 5.0.1.37 - Research In Motion Ltd.) Hidden
BlackBerry® Media Sync (HKLM\...\{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}) (Version: 2.0.28 - Research In Motion)
Blu Dot Clock (HKLM\...\Clock 1.0) (Version: 1.0 - Blu Dot)
Bullzip PDF Printer 6.0.0.766 (HKLM\...\Bullzip PDF Printer_is1) (Version:  - Bullzip)
Carbonite Online Backup Setup (HKLM\...\Carbonite Setup Lite) (Version: 3.8.0 - Carbonite Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{C57F6C71-C365-4AFF-9108-397BBAD6127F}) (Version: 1.0.204 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Crystal Reports 2008 Runtime SP1 (HKLM\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Duplicate Finder 2009 v2.4 (HKLM\...\Duplicate Finder 2009_is1) (Version:  - Ashisoft)
Easy Duplicate Finder v. 3.0 (HKLM\...\Easy Duplicate Finder_is1) (Version:  - WebMinds, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Free Disk Analyzer (HKLM\...\Free Disk Analyzer) (Version: 1.0.1.22 - Extensoft)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
GoogleToolBar (HKCU\...\GoogleToolBar) (Version:  - Gaby de Wilde)
GoToMeeting 7.0.0.1694 (HKCU\...\GoToMeeting) (Version: 7.0.0.1694 - CitrixOnline)
GoToMyPC (HKLM\...\{5FAB6702-2810-4C95-9840-876C2D6D12A5}) (Version: 8.1.1337 - Citrix Online)
GPL Ghostscript Lite 8.63 (HKLM\...\GPL Ghostscript Lite_is1) (Version:  - )
HDD Health v3.3 Beta (HKLM\...\HDD Health_is1) (Version:  - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
hp LaserJet-all-in-one (HKLM\...\hp LaserJet-all-in-one) (Version:  - hp)
Intel® 536EP Modem (HKLM\...\Intel® 536EP Modem) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
LaserAIO (Version: 1.00.0000 - Hewlett-Packard) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maxtor Backup (HKLM\...\InstallShield_{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}) (Version: 1.00.0040 - Maxtor)
Maxtor Backup (Version: 1.00.0040 - Maxtor) Hidden
Maxtor OneTouch III (HKLM\...\InstallShield_{60EEB642-E9E0-45A2-A676-B9D8FE17C4A9}) (Version: 3.02.0060 - Maxtor)
Maxtor OneTouch III (Version: 3.02.0060 - Maxtor) Hidden
MFC RunTime files (Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0080 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Live Meeting 2007 (HKLM\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office XP Standard for Students and Teachers (HKLM\...\{913D0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.31119 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31124 - Microsoft Corporation) Hidden
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Microsoft Works 2005 Setup Launcher (HKLM\...\Works2005Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}) (Version: 8.0.0.0000 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird (2.0.0.21) (HKLM\...\Mozilla Thunderbird (2.0.0.21)) (Version: 2.0.0.21 (en-US) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal Seagate Edition (HKLM\...\{78E9A751-5616-233F-1249-16AC5758C646}) (Version: 7.0.41.11017 - muvee Technologies Pte Ltd)
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
Network Recording Player (HKLM\...\{B74F2CE0-4E8A-44DD-B542-888D7E2A22F1}) (Version: 2.23.2511 - Cisco WebEx LLC)
Opera 12.15 (HKLM\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Peachtree Business Analytics (HKLM\...\{7AFCA760-E2DD-40C2-B03A-EEF03AA3197F}) (Version: 2008.0.3.1823 - Sage Software Inc.)
Peachtree Complete Accounting 2010 (HKLM\...\Peachtree Complete Accounting) (Version:  - )
PeachTree Signature Ready Forms (Version: 6.11.1 - Sage Software SB, Inc.) Hidden
Pervasive PSQL v11 Workgroup (32-bit) (Version: 11.30.057 - Pervasive Software) Hidden
Pervasive PSQL v11 Workgroup (32-bit) SP3 (HKLM\...\Pervasive PSQL v11 Workgroup (32-bit)) (Version: 11.30.057 - Pervasive Software)
Pervasive Software PSQL v9.1 Client (HKLM\...\Pervasive Software PSQL v9.1 Workgroup_is1) (Version:  - Pervasive Software)
Pervasive System Analyzer v9.1 (HKLM\...\Pervasive System Analyzer_is1) (Version:  - Pervasive Software)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Sage 50 Accounting 2014 (HKLM\...\InstallShield_{D2ADA6F5-F155-4A37-87CA-599E81F6C6C0}) (Version: 21.02.00 - Sage Software, Inc.)
Sage 50 Accounting 2014 (Version: 21.02.00 - Sage Software, Inc.) Hidden
Sage 50 Accounting Tax Forms (Version: 12.4.15 - Sage Software SB, Inc.) Hidden
Sage Download Manager (HKCU\...\2f8d25aeed0b3ae4) (Version: 1.0.0.9 - Sage)
Sage Message Center (Version: 2.00.0000 - Sage Software Inc.) Hidden
Sage Software Integration Services (HKLM\...\Integration Services) (Version: 2.2.2240 - Sage Technology)
SAP Crystal Reports runtime engine for .NET Framework 4 (32-bit) (HKLM\...\{AAD476D7-FC64-40BC-85EA-0C1FD98D8375}) (Version: 13.0.3.612 - SAP)
Scan (Version: 3.5.0.0 - Hewlett-Packard) Hidden
Seagate Manager Installer (HKLM\...\InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}) (Version: 2.01.0700 - Seagate)
Seagate Manager Installer (Version: 2.01.0700 - Seagate) Hidden
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.2 - Seagate Technology)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Spotify (HKLM\...\Spotify) (Version: 0.5.2 - )
Times Reader (HKLM\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.053 - The New York Times Company)
Times Reader (Version: 2.053 - The New York Times Company) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebEx Event Manager for Firefox or Chrome (HKLM\...\{72D5CE45-485E-477F-A4BD-B9BB0BCFFFF4}) (Version: 28.12.1.16851 - Cisco WebEx LLC)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.21 - Microsoft Corporation)
Windows Driver Package - Citrix Systems monblanking Citrix Driver  (04/25/2013 6.2.101.0) (HKLM\...\831FB1509292986F102B3AB7C8451FA1EA13B0F7) (Version: 04/25/2013 6.2.101.0 - Citrix Systems)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
Works Upgrade (Version: 8.0.0.0000 - Microsoft Corporation) Hidden
XMLinst (HKLM\...\{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}) (Version: 1.0.0.0 - Intel Corporation)
ZoneAlarm Spy Blocker (HKLM\...\ZoneAlarmSB Uninstall) (Version:  - ZoneAlarm)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.135\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.2.183.23\goopdate. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.23.9\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Chrome\Application\37.0.2062.124\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.145\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.123\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.153\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1440\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.149\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.22.3\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.21.165\psuser.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.22.5\psuser.dll  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-515967899-1214440339-1606980848-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\1.3.24.7\psuser.dll  (the data entry has 7 more characters).

==================== Restore Points  =========================

30-06-2014 15:32:59 System Checkpoint
01-07-2014 17:12:16 System Checkpoint
02-07-2014 22:15:11 Installed Sage 50 Payroll Solutions Update
07-07-2014 18:28:38 System Checkpoint
09-07-2014 17:22:22 System Checkpoint
09-07-2014 22:58:13 Software Distribution Service 3.0
11-07-2014 22:30:34 System Checkpoint
14-07-2014 16:55:32 System Checkpoint
15-07-2014 18:01:07 System Checkpoint
17-07-2014 15:28:59 System Checkpoint
18-07-2014 16:00:37 System Checkpoint
18-07-2014 21:34:41 Installed GoToMyPC
19-07-2014 22:04:56 System Checkpoint
20-07-2014 22:05:40 System Checkpoint
22-07-2014 15:59:03 System Checkpoint
23-07-2014 19:22:56 System Checkpoint
24-07-2014 19:56:28 System Checkpoint
25-07-2014 15:38:47 Installed Sage 50 Payroll Solutions Update
26-07-2014 16:28:16 System Checkpoint
27-07-2014 17:16:16 System Checkpoint
28-07-2014 20:30:36 System Checkpoint
29-07-2014 20:44:50 System Checkpoint
31-07-2014 12:40:39 System Checkpoint
01-08-2014 13:37:09 System Checkpoint
01-08-2014 14:21:28 Installed AVG 2014
01-08-2014 14:28:22 Removed AVG 2014
02-08-2014 15:07:15 System Checkpoint
03-08-2014 15:19:17 System Checkpoint
04-08-2014 16:19:16 System Checkpoint
05-08-2014 22:19:10 System Checkpoint
07-08-2014 14:49:23 System Checkpoint
08-08-2014 20:10:26 System Checkpoint
09-08-2014 21:21:25 System Checkpoint
10-08-2014 22:21:22 System Checkpoint
12-08-2014 16:40:57 System Checkpoint
13-08-2014 19:41:04 System Checkpoint
13-08-2014 23:17:26 Software Distribution Service 3.0
15-08-2014 14:45:37 System Checkpoint
16-08-2014 15:51:54 System Checkpoint
17-08-2014 16:25:09 System Checkpoint
18-08-2014 16:39:15 System Checkpoint
19-08-2014 22:55:25 System Checkpoint
21-08-2014 17:07:32 System Checkpoint
22-08-2014 18:27:17 System Checkpoint
23-08-2014 18:39:14 System Checkpoint
24-08-2014 18:53:46 System Checkpoint
26-08-2014 00:43:42 System Checkpoint
27-08-2014 00:54:39 System Checkpoint
28-08-2014 15:55:01 System Checkpoint
29-08-2014 23:43:36 System Checkpoint
31-08-2014 00:57:44 System Checkpoint
01-09-2014 01:09:44 System Checkpoint
02-09-2014 01:10:15 System Checkpoint
03-09-2014 01:58:17 System Checkpoint
04-09-2014 20:32:59 System Checkpoint
05-09-2014 22:22:21 System Checkpoint
06-09-2014 22:52:45 System Checkpoint
08-09-2014 17:06:46 System Checkpoint
10-09-2014 19:14:16 System Checkpoint
11-09-2014 21:33:11 Software Distribution Service 3.0
13-09-2014 00:07:33 System Checkpoint
14-09-2014 00:30:56 System Checkpoint
15-09-2014 01:06:56 System Checkpoint
16-09-2014 17:52:43 System Checkpoint
17-09-2014 20:45:03 System Checkpoint
19-09-2014 23:39:52 System Checkpoint
21-09-2014 00:32:33 System Checkpoint
22-09-2014 01:09:02 System Checkpoint
23-09-2014 17:43:44 System Checkpoint
24-09-2014 03:39:35 Removed Jungle Disk Desktop
25-09-2014 22:44:14 Removed AVG 2014
25-09-2014 22:46:31 Removed AVG 2014
25-09-2014 23:17:14 Software Distribution Service 3.0

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-02-13 10:41 - 2013-03-27 11:45 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Citrix\GoToMeeting\1694\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003Core.job => C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003UA.job => C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2009-03-18 17:37 - 2007-07-12 22:33 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2002-05-03 17:40 - 2002-05-03 17:40 - 00094274 _____ () C:\WINDOWS\system32\HPBHealr.dll
2014-08-26 20:15 - 2014-08-12 12:10 - 02775576 _____ () C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
2014-04-18 14:55 - 2014-04-09 03:48 - 02707480 _____ () C:\Documents and Settings\All Users\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
2006-02-15 10:56 - 2006-02-15 10:56 - 00184320 _____ () C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk => C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Jungle Disk Desktop.lnk => C:\WINDOWS\pss\Jungle Disk Desktop.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Deborah^Start Menu^Programs^Startup^Seagate 2GE6F6FJ Product Registration.lnk => C:\WINDOWS\pss\Seagate 2GE6F6FJ Product Registration.lnkStartup
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: AlcWzrd => ALCWZRD.EXE
MSCONFIG\startupreg: BlackBerryAutoUpdate => C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: PeachtreePrefetcher.exe => "C:\PROGRA~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RIMDeviceManager => "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: Windows Defender => "C:\Program Files\Windows Defender\MSASCui.exe" -hide
MSCONFIG\startupreg: WinPatrol => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
MSCONFIG\startupreg: ZoneAlarm Client => "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-515967899-1214440339-1606980848-500 -> Administrator - Enabled - Status: OK) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-515967899-1214440339-1606980848-1004 -> Limited - Enabled - Status: OK)
Deborah (S-1-5-21-515967899-1214440339-1606980848-1003 -> Administrator - Enabled - Status: OK) => %SystemDrive%\Documents and Settings\Deborah
Guest (S-1-5-21-515967899-1214440339-1606980848-501 -> Limited - Disabled - Status: Degraded)
HelpAssistant (S-1-5-21-515967899-1214440339-1606980848-1000 -> Limited - Disabled - Status: Degraded)
SUPPORT_388945a0 (S-1-5-21-515967899-1214440339-1606980848-1002 -> Limited - Disabled - Status: Degraded)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2014 09:30:43 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (09/24/2014 07:23:52 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (09/24/2014 02:00:55 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (09/23/2014 11:42:34 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (09/23/2014 06:54:25 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (09/23/2014 00:04:08 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.


System errors:
=============
Error: (09/25/2014 06:56:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (09/25/2014 06:52:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (09/25/2014 06:49:18 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_AVGTDIX\0000 disappeared from the system without first being prepared for removal.

Error: (09/25/2014 06:49:17 PM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_AVGIDSSHIM\0000 disappeared from the system without first being prepared for removal.

Error: (09/25/2014 05:07:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (09/25/2014 05:07:15 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/25/2014 05:07:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.

Error: (09/25/2014 09:31:56 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (09/24/2014 07:25:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (09/24/2014 07:24:44 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 10000050, parameter1 80000071, parameter2 00000000, parameter3 804f2989, parameter4 00000000.


Microsoft Office Sessions:
=========================
Error: (09/25/2014 09:30:43 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (09/24/2014 07:23:52 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (09/24/2014 02:00:55 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (09/23/2014 11:42:34 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (09/23/2014 06:54:25 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (09/23/2014 00:04:08 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:


==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 68%
Total physical RAM: 1014.73 MB
Available physical RAM: 318.67 MB
Total Pagefile: 2443.61 MB
Available Pagefile: 1602.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:186.3 GB) (Free:107.44 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 186.3 GB) (Disk ID: 4F08A268)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Root Admin

Well, that did not fix the service, so we'll have to check on it further, but for now please run the following.

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:


  • Download TFC from here and save it to your desktop: http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Next,

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

 

fixlist.txt


Please go into Control Panel, Add/Remove and uninstall ALL versions of Java

My Add or Remove Programs is an empty blank space. :(

http://support2.microsoft.com/kb/266668#FixItForMeAlways

I tried the 'fix it' tool at link above and no change.

I tried REGSVR32 APPWIZ.CPL at command prompt and received this message: "DLLREGISTERSERVER in appwiz.cpl succeeded". However, the problem remains even with reboot.

I thought it best to post before trying any other fixes to get add/remove programs in control panel back.

Thank you


JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Sep 26 22:21:37 2014

Found and removed: C:\Documents and Settings\Deborah\Application Data\Sun\Java\jre1.6.0_12

Found and removed: C:\Documents and Settings\Deborah\Application Data\Sun\Java\jre1.7.0_04

Found and removed: Applications\java.exe

Found and removed: Applications\javaw.exe

Found and removed: Software\Classes\JavaPlugin.160_14

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.6.0.0

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\Microsoft\Internet Explorer\Low Rights

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

------------------------------------

Finished reporting.



JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Sep 26 22:21:51 2014

------------------------------------

Finished reporting.


 


Ron:
Sorry for the delay-  I have run all the fixes you requested.

JavaRa 1.16 Removal Log  is Post #14 Sept 26  above

I ran TFC and FRST

 

Is it normal for one of these programs to remove my saved passwords? (i.e., my Gmail log on and MBAM log on were cleared)

 

Below is the Fixlog.txt

thanks again for your review and help with this.

Deb

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-09-2014
Ran by Deborah at 2014-09-29 15:49:01 Run:1
Running from C:\Documents and Settings\Deborah\Desktop
Loaded Profile: Deborah (Available profiles: Deborah & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe
Task: C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av.job => C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Citrix\GoToMeeting\1694\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003Core.job => C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003UA.job => C:\Documents and Settings\Deborah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\MP Scheduled Scan.job => C:\Program Files\Windows Defender\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
EmptyTemp:
Reboot:


*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => Key not found.
"HKCR\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}" => Key deleted successfully.
"HKCR\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => Key deleted successfully.
"HKCR\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}" => Key deleted successfully.
C:\WINDOWS\Tasks\AVG_SYS_TASK_0414b.job => Moved successfully.
C:\WINDOWS\Tasks\AVG_SYS_TASK_0814av.job => Moved successfully.
C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-515967899-1214440339-1606980848-1003.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003Core.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1214440339-1606980848-1003UA.job => Moved successfully.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => Moved successfully.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => Moved successfully.
C:\WINDOWS\Tasks\MP Scheduled Scan.job not found.
C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => Moved successfully.
C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1214440339-1606980848-1003.job => Moved successfully.
EmptyTemp: => Removed 110.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


  • Root Admin

Yes, the cookies that control that are cleared by the malware clean up, and that is normal.

 

How is the computer running now?

 

Let me have you do a clean removal and reinstall of MBAM now that we've cleaned up a lot of junk from this computer and see how it works now.

 



Then restart the computer again. After the restart please try the following.

 

 

 

  • Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits. Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
  • Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 


Hi Ron

The computer is running ok - no blue screens - however the only problem is Explorer crashing sometimes. Is there any info I can forward (event viewer?) for your review with regard to this problem?

Below is the log of the latest MBAM scan -

Thank you

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/1/2014
Scan Time: 2:40:51 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.01.02
Rootkit Database: v2014.09.19.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Deborah

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332864
Time Elapsed: 20 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • Root Admin

Hello Deborah,

Getting late for me (looks like you just came on though) but let me have you run the following. Let me know how that goes and if it helps. Then post the other log and I'll check on it tomorrow and post back. Time for me to get out of here for now.

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.

If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer

How to reset Internet Explorer settings

Firefox

Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome

Start by disabling Sync

How To Delete Your Google Chrome Browser Sync Data

Chrome - Reset browser settings

If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.

Next,

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

Ron:

Ran browser resets, and security check log is below.

Things seem normal now -- will report back later tonight after using the computer today.

Thanks

 

Results of screen317's Security Check version 0.99.87  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 WinPatrol
 ZoneAlarm Spy Blocker   
 Windows Defender    
 Adobe Reader XI  
 Mozilla Firefox (32.0.3)
 Mozilla Thunderbird (2.0.0 Thunderbird out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Ruiware WinPatrol winpatrol.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````
 


Ron

 

My computer was working fine today ---only item to note is the CPU usage goes very high and then low during scan. Other than that machine is very zippy :)

 

Currently I am scanning external hard drive back up w/ MBAM and that is only app open-usage goes to 100% to 55% to 19% and bounces back up and down again.

I scanned with AVG earlier and it found a few things. Do you have any other suggestions to clean external hard drive before I back up my newly cleaned machine?  Maybe I should just reformat this thing to be on safe side?

Thank you

 


  • Root Admin

Well you're running an old computer and AVG with MBAM is probably stressing the older hardware which is normal. Certainly a format and clean reinstall of Windows would make it cleaner, safer, and faster but most users don't seem to have the means or know-how to take on that task.

 

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 


Ron
Thanks for the help in cleaning my machine! I've removed all the tools/logs and read thru your recommendations.

One last question:

The external hard drive wound up being infected most likely with the same virus that infected the PC. (I left MBAM scanning the external hard drive last night and when I came in this morning there was a blue screen due to the MBAM swissarmy file.)

The software manager for the hard drive has an erase/reformat function. (I am ok with losing the files)

Is it safe to erase/reformat the infected external drive from my "clean" machine utilizing the software manager?

 

Thanks  in advance for your advice


  • Root Admin

Are you really sure you want to do that? Any documents, Pictures, videos, mail, etc will be gone and you won't be able to recover the data.

 

Not sure what you mean about Software Manager. You should be able to open My Computer and then highlight the drive you want to format and right click and choose FORMAT.

 

Just make certain you're selecting the correct drive and then format it if you're certain that's what you want to do.


Hi Ron

I said: The software manager for the hard drive has an erase/reformat function. (I am ok with losing the files)

Are you really sure you want to do that? Any documents, Pictures, videos, mail, etc will be gone and you won't be able to recover the data.

I thought it easier than going thru the cleaning process like we did on PC--the data is a back up of my PC and I'm ok backing up again to reformatted clean external drive. I was concerned if it was "safe" to do so at this point-I did not want to risk reinfecting my clean machine connecting the infected external drive

Not sure what you mean about Software Manager. You should be able to open My Computer and then highlight the drive you want to format and right click and choose FORMAT.

Here is link to instructions to erase/reformat:  http://knowledge.seagate.com/articles/en_US/FAQ/199863en

Again, thanks for your help - I hope to have an updated O/S on a new machine up and running soon - you are right, this computer has run its course :-)

Deb

 

This topic is now closed to further replies.